diff --git a/hplip-CVE-2026-8631-osh.patch b/hplip-CVE-2026-8631-osh.patch index 2f2929e..91baaa7 100644 --- a/hplip-CVE-2026-8631-osh.patch +++ b/hplip-CVE-2026-8631-osh.patch @@ -1,8 +1,8 @@ diff --git a/prnt/hpcups/genPCLm.cpp b/prnt/hpcups/genPCLm.cpp -index 1952ef2..0b3208a 100644 +index 0e1650c..5f83cba 100644 --- a/prnt/hpcups/genPCLm.cpp +++ b/prnt/hpcups/genPCLm.cpp -@@ -1921,8 +1921,11 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh +@@ -1917,8 +1917,11 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh #ifdef SUPPORT_WHITE_STRIPS int whiteStripLen=0; if(!safe_mul_int_positive(thisHeight, currSourceWidth, &whiteStripLen) || @@ -15,7 +15,7 @@ index 1952ef2..0b3208a 100644 bool whiteStrip=isWhiteStrip(pInBuffer, whiteStripLen); if(DebugIt2) { -@@ -1944,11 +1947,17 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh +@@ -1940,11 +1943,17 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh ubyte whitePt=0xff; size_t tmpStripSize=0; if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize)) @@ -33,3 +33,63 @@ index 1952ef2..0b3208a 100644 memset(tmpStrip,whitePt,tmpStripSize); +@@ -2012,7 +2021,10 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh + { + int sourceLen=0; + if(!safe_mul_int_positive(numLinesThisCall, scanlineWidth, &sourceLen)) ++ { ++ free(newStripPtr); + return(errorOutAndCleanUp()); ++ } + uint32 len=(uint32)sourceLen; + uLongf destSize=len; + +@@ -2021,12 +2033,18 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh + ubyte whitePt=0xff; + size_t tmpStripSize=0; + if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize)) ++ { ++ free(newStripPtr); + return(errorOutAndCleanUp()); ++ } + + // We need to inject a blank image-strip with a height==topMarginInPix + ubyte *tmpStrip=(ubyte*)malloc(tmpStripSize); + if(!tmpStrip) ++ { ++ free(newStripPtr); + return(errorOutAndCleanUp()); ++ } + uLongf tmpDestSize=destSize; + memset(tmpStrip,whitePt,tmpStripSize); + +@@ -2075,20 +2093,29 @@ int PCLmGenerator::Encapsulate(void *pInBuffer, int inBufferSize, int thisHeigh + { + int sourceLen=0; + if(!safe_mul_int_positive(numLinesThisCall, scanlineWidth, &sourceLen)) ++ { ++ free(newStripPtr); + return(errorOutAndCleanUp()); ++ } + + if(firstStrip && topMarginInPix) + { + ubyte whitePt=0xff; + size_t tmpStripSize=0; + if(!safe_mul_size_t((size_t)scanlineWidth, (size_t)topMarginInPix, &tmpStripSize)) ++ { ++ free(newStripPtr); + return(errorOutAndCleanUp()); ++ } + + // We need to inject a blank image-strip with a height==topMarginInPix + + ubyte *tmpStrip=(ubyte*)malloc(tmpStripSize); + if(!tmpStrip) ++ { ++ free(newStripPtr); + return(errorOutAndCleanUp()); ++ } + memset(tmpStrip,whitePt,tmpStripSize); + + for(sint32 stripCntr=0; stripCntr - 3.18.4-13 +- Fix more leaks in hpcups + * Fri Jun 12 2026 Zdenek Dohnal - 3.18.4-12 - OSH fixes after CVE-2026-8631